Quietpc on Andrew's Memory Blog

Installing OpenBSD 7.4 for a Firewall

andrewmemoryblog@gmail.com (Andrew's Memory Blog) — Sun, 15 Oct 2023 23:45:00 -0700

Installing OpenBSD 7.4 was pretty simple. I followed the OpenBSD installation guide and used dd on a Linux box to write install74.img to a USB stick. Don’t use the .iso, it doesn’t boot. Then I booted off the USB stick. (You don’t have to disable UEFI.) I used a standard layout

At the time I wondered if I should install all the packages or not. I decided that maintenance would be simpler if I just went for everything, so I added all the packages including X. That turned out to be the right decision.

I used a relatively standard partitioning scheme, although I think I bumped up a few of the sizes. I probably should have bumped up X11R6 more, right now it’s at 41%:

/dev/sd0a 986M /
/dev/sd0l 295G /home
/dev/sd0d 291M /tmp
/dev/sd0f 5.8G /usr
/dev/sd0g 986M /usr/X11R6
/dev/sd0h 19.4G /usr/local
/dev/sd0k 5.8G /usr/obj
/dev/sd0j 2.9G /usr/src
/dev/sd0e 34.4G /var

Set up doas
#

After installing, I set up doas ‘cause I like seatbelts:

$ su
# vi /etc/doas.conf
permit persist andrewmemory as root
permit persist keepenv root as root

Install patches and packages
#

After that I installed patches:

$ doas syspatch
$ doas shutdown -r now

Next I installed a few useful packages:

$ doas pkg_add -i emacs mutt firefox wget

I picked the -no_x11 version for emacs, and the normal (not gpge, not sasl, not slang) version for mutt. I’m not going to be mailing to the world from this box, just looking at local emails. I also installed Firefox, which turned out to be another good idea. It’s a lot easier to search for doc on the firewall box itself than to ssh in.

Set up mfs for /tmp
#

Finally, I’m paranoid about wearing out my SSD, so I set up /tmp to be mfs in /etc/fstab using the useful instructions from Solene Rapenne:

$ doas vi /etc/fstab
#f1ea06b71e2dca43.d /tmp ffs rw,nodev,nosuid 1 2
swap /tmp mfs rw,nodev,nosuid,-s=300m 0 0

… and I had to boot to single-user mode to fix up permissions for /tmp:

$ doas umount /tmp
$ doas chmod 1777 /tmp
$ doas mount /tmp

Apparently tmpfs has been removed because it’s not supported, so mfs it is. I’ve got plenty of RAM for a /tmp file system, but I have delusions of putting most of /var in its own mfs file system, so I restricted /tmp to 300M.

Once that was done, I could log into a few other machines on my network to establish fingerprints for them. I also tested X by running startx, and then firefox, and it worked.

There were some noisy beeps
#

By default, OpenBSD rings the bell when you mistype certain things. That was annoying other people in the house, so I had to shut those up. That took two things. In ~/.login I added:

/sbin/wsconsctl keyboard.bell.volume=0

Then, I created ~/.xsession and added:

/usr/X11R6/bin/xset b off

This post is part of a series on setting up an OpenBSD 7.4 firewall device.

Buying new hardware for an OpenBSD firewall

andrewmemoryblog@gmail.com (Andrew's Memory Blog) — Sun, 15 Oct 2023 23:30:53 -0700

I knew going in that I wanted more than two ethernet ports for my OpenBSD firewall device. I had visions of multiple networks and/or a spare port that I could use when I screwed up my pf configuration. I also knew that I wanted HDMI so I could pop the firewall on my KVM switch - I’d used serial to the APU2 and that was not always wonderful. The Linux box would sometimes forget about the serial ports when they were plugged in for a while.

In the end, I got a random Intel N5105 mini-PC with four Intel ethernet ports. The HUNSN Micro Firewall Appliance, Mini PC, VPN, Router PC, Intel N5105, HUNSN RJ03, AES-NI, 4 x Intel 2.5GbE I226-V LAN, Type-C, TF, M.2 WiFi 6 Slot, Barebone, NO RAM, NO Storage, NO System was around $250 US. Add a Western Digital NVMe 500G drive and 16G of Cruical laptop RAM and I had something on which I could install a system. It’s low-powered enough that I don’t mind keeping it running 24/7, and high-powered enough that I’m not worried about it being a bottleneck.

[

I learned afterwards that the I226-V might potentially have a problem if you want to do 2.5G ethernet. So far, I haven’t experienced any network instability because of that.

As a belt-and-suspenders kind of thing, I bought a “silent” USB fan that sits on top of the case, just because the server room can get a little warm.

This post is part of a series on setting up an OpenBSD 7.4 firewall device.

Building a quiet MythTV box - selecting a case

andrewmemoryblog@gmail.com (Andrew's Memory Blog) — Fri, 20 Apr 2012 23:34:05 -0700

I’ve started looking around for a quiet but thermally good case for a MythTV box. My first thought was to do an HTPC case - the Lian Li HTPC C60 looked good.

But then I started worrying about airflow around the case. I’ve got a fairly narrow spot to put it in - about 46 cm - so a PC that’s 44 cm wide doesn’t leave a lot of room for cooling.

I decided to look into mini towers instead. The Lian Li V600F looks like it would be nice, but it has these ugly blue fans.

I also looked into the NZXT H2 (some were saying it was too flimsy), Antec P183 (too tall, not a mini tower) and Silverstone TJ-8e (an 18 inch fan in front, but only that. How hard to get a replacement when it dies?)

Now I’m leaning towards the Lian Li B10. It’s too bad that SPCR hasn’t reviewed it - they seem to know a thing or two about quiet and heat.

Building a quiet MythTV box - step 1 - thinking aloud

andrewmemoryblog@gmail.com (Andrew's Memory Blog) — Sun, 01 Apr 2012 01:32:13 -0700

Due to decreased WAF for the old MythTV box, I’m looking into building a quieter one. I’ve decided to do a couple of things differently:

Use HDHomeRun for capture cards. That way, I won’t be stuck to a particular bus architecture. It also means the capture cards won’t be generating heat in the case.
Use a pair of 5400 RPM hard drives (maybe a 2.5" one for the OS, and a 3.5" one for the recordings? Need to have fans on all of them to cool them down.
Replace all the fans with FDB or maglev bearing fans
Use an external PSU like the PicoPSU or something like that. Here’s an adapter to make it fit in a standard fan bay. (This might also be a good idea for ham radio PSUs…)
Use an HTPC case or at least a quiet PC case
Probably end up with an nVidia video card.
I think I want a core2 duo 3.1 MHz or so motherboard/ processor combo
Does the Pico PSU mean I won’t be able to drive a DVD player? Maybe another external one (eSATA?) Am I going to end up with a bunch of individual set top boxes?

The CPU cooling fans, video card and hard drives should generate most of the heat (and noise). Need to figure out how much power a video card uses.

Quietpc on Andrew's Memory Blog

Installing OpenBSD 7.4 for a Firewall

Set up doas #

Install patches and packages #

Set up mfs for /tmp #